Example 36 with VirtualMachineTemplate
use of com.cloud.template.VirtualMachineTemplate in project cloudstack by apache.
the class UserVmManagerImpl method createVirtualMachine.
@Override
public UserVm createVirtualMachine(DeployVMCmd cmd) throws InsufficientCapacityException, ResourceUnavailableException, ConcurrentOperationException, StorageUnavailableException, ResourceAllocationException {
//Verify that all objects exist before passing them to the service
Account owner = _accountService.getActiveAccountById(cmd.getEntityOwnerId());
verifyDetails(cmd.getDetails());
Long zoneId = cmd.getZoneId();
DataCenter zone = _entityMgr.findById(DataCenter.class, zoneId);
if (zone == null) {
throw new InvalidParameterValueException("Unable to find zone by id=" + zoneId);
}
Long serviceOfferingId = cmd.getServiceOfferingId();
ServiceOffering serviceOffering = _entityMgr.findById(ServiceOffering.class, serviceOfferingId);
if (serviceOffering == null) {
throw new InvalidParameterValueException("Unable to find service offering: " + serviceOfferingId);
}
Long templateId = cmd.getTemplateId();
if (!serviceOffering.isDynamic()) {
for (String detail : cmd.getDetails().keySet()) {
if (detail.equalsIgnoreCase("cpuNumber") || detail.equalsIgnoreCase("cpuSpeed") || detail.equalsIgnoreCase("memory")) {
throw new InvalidParameterValueException("cpuNumber or cpuSpeed or memory should not be specified for static service offering");
}
}
}
VirtualMachineTemplate template = _entityMgr.findById(VirtualMachineTemplate.class, templateId);
// Make sure a valid template ID was specified
if (template == null) {
throw new InvalidParameterValueException("Unable to use template " + templateId);
}
Long diskOfferingId = cmd.getDiskOfferingId();
DiskOffering diskOffering = null;
if (diskOfferingId != null) {
diskOffering = _entityMgr.findById(DiskOffering.class, diskOfferingId);
if (diskOffering == null) {
throw new InvalidParameterValueException("Unable to find disk offering " + diskOfferingId);
}
}
if (!zone.isLocalStorageEnabled()) {
if (serviceOffering.getUseLocalStorage()) {
throw new InvalidParameterValueException("Zone is not configured to use local storage but service offering " + serviceOffering.getName() + " uses it");
}
if (diskOffering != null && diskOffering.getUseLocalStorage()) {
throw new InvalidParameterValueException("Zone is not configured to use local storage but disk offering " + diskOffering.getName() + " uses it");
}
}
String ipAddress = cmd.getIpAddress();
String ip6Address = cmd.getIp6Address();
String name = cmd.getName();
String displayName = cmd.getDisplayName();
UserVm vm = null;
IpAddresses addrs = new IpAddresses(ipAddress, ip6Address);
Long size = cmd.getSize();
String group = cmd.getGroup();
String userData = cmd.getUserData();
String sshKeyPairName = cmd.getSSHKeyPairName();
Boolean displayVm = cmd.getDisplayVm();
String keyboard = cmd.getKeyboard();
if (zone.getNetworkType() == NetworkType.Basic) {
if (cmd.getNetworkIds() != null) {
throw new InvalidParameterValueException("Can't specify network Ids in Basic zone");
} else {
vm = createBasicSecurityGroupVirtualMachine(zone, serviceOffering, template, getSecurityGroupIdList(cmd), owner, name, displayName, diskOfferingId, size, group, cmd.getHypervisor(), cmd.getHttpMethod(), userData, sshKeyPairName, cmd.getIpToNetworkMap(), addrs, displayVm, keyboard, cmd.getAffinityGroupIdList(), cmd.getDetails(), cmd.getCustomId());
}
} else {
if (zone.isSecurityGroupEnabled()) {
vm = createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, template, cmd.getNetworkIds(), getSecurityGroupIdList(cmd), owner, name, displayName, diskOfferingId, size, group, cmd.getHypervisor(), cmd.getHttpMethod(), userData, sshKeyPairName, cmd.getIpToNetworkMap(), addrs, displayVm, keyboard, cmd.getAffinityGroupIdList(), cmd.getDetails(), cmd.getCustomId());
} else {
if (cmd.getSecurityGroupIdList() != null && !cmd.getSecurityGroupIdList().isEmpty()) {
throw new InvalidParameterValueException("Can't create vm with security groups; security group feature is not enabled per zone");
}
vm = createAdvancedVirtualMachine(zone, serviceOffering, template, cmd.getNetworkIds(), owner, name, displayName, diskOfferingId, size, group, cmd.getHypervisor(), cmd.getHttpMethod(), userData, sshKeyPairName, cmd.getIpToNetworkMap(), addrs, displayVm, keyboard, cmd.getAffinityGroupIdList(), cmd.getDetails(), cmd.getCustomId());
}
}
return vm;
}
Also used :
IpAddresses(com.cloud.network.Network.IpAddresses)
Account(com.cloud.user.Account)
UserVm(com.cloud.uservm.UserVm)
DataCenter(com.cloud.dc.DataCenter)
DiskOffering(com.cloud.offering.DiskOffering)
VirtualMachineTemplate(com.cloud.template.VirtualMachineTemplate)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
ServiceOffering(com.cloud.offering.ServiceOffering)
Example 37 with VirtualMachineTemplate
use of com.cloud.template.VirtualMachineTemplate in project cloudstack by apache.
the class AccountManagerImpl method checkAccess.
@Override
public void checkAccess(Account caller, AccessType accessType, boolean sameOwner, String apiName, ControlledEntity... entities) {
//check for the same owner
Long ownerId = null;
ControlledEntity prevEntity = null;
if (sameOwner) {
for (ControlledEntity entity : entities) {
if (sameOwner) {
if (ownerId == null) {
ownerId = entity.getAccountId();
} else if (ownerId.longValue() != entity.getAccountId()) {
throw new PermissionDeniedException("Entity " + entity + " and entity " + prevEntity + " belong to different accounts");
}
prevEntity = entity;
}
}
}
if (caller.getId() == Account.ACCOUNT_ID_SYSTEM || isRootAdmin(caller.getId())) {
// no need to make permission checks if the system/root admin makes the call
if (s_logger.isTraceEnabled()) {
s_logger.trace("No need to make permission check for System/RootAdmin account, returning true");
}
return;
}
HashMap<Long, List<ControlledEntity>> domains = new HashMap<Long, List<ControlledEntity>>();
for (ControlledEntity entity : entities) {
long domainId = entity.getDomainId();
if (entity.getAccountId() != -1 && domainId == -1) {
// If account exists domainId should too so calculate
// it. This condition might be hit for templates or entities which miss domainId in their tables
Account account = ApiDBUtils.findAccountById(entity.getAccountId());
domainId = account != null ? account.getDomainId() : -1;
}
if (entity.getAccountId() != -1 && domainId != -1 && !(entity instanceof VirtualMachineTemplate) && !(entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) && !(entity instanceof AffinityGroup)) {
List<ControlledEntity> toBeChecked = domains.get(entity.getDomainId());
// for templates, we don't have to do cross domains check
if (toBeChecked == null) {
toBeChecked = new ArrayList<ControlledEntity>();
domains.put(domainId, toBeChecked);
}
toBeChecked.add(entity);
}
boolean granted = false;
for (SecurityChecker checker : _securityCheckers) {
if (checker.checkAccess(caller, entity, accessType, apiName)) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Access to " + entity + " granted to " + caller + " by " + checker.getName());
}
granted = true;
break;
}
}
if (!granted) {
assert false : "How can all of the security checkers pass on checking this check: " + entity;
throw new PermissionDeniedException("There's no way to confirm " + caller + " has access to " + entity);
}
}
for (Map.Entry<Long, List<ControlledEntity>> domain : domains.entrySet()) {
for (SecurityChecker checker : _securityCheckers) {
Domain d = _domainMgr.getDomain(domain.getKey());
if (d == null || d.getRemoved() != null) {
throw new PermissionDeniedException("Domain is not found.", caller, domain.getValue());
}
try {
checker.checkAccess(caller, d);
} catch (PermissionDeniedException e) {
e.addDetails(caller, domain.getValue());
throw e;
}
}
}
// check that resources belong to the same account
}
Also used :
VirtualMachineTemplate(com.cloud.template.VirtualMachineTemplate)
HashMap(java.util.HashMap)
SecurityChecker(org.apache.cloudstack.acl.SecurityChecker)
AffinityGroup(org.apache.cloudstack.affinity.AffinityGroup)
ControlledEntity(org.apache.cloudstack.acl.ControlledEntity)
Network(com.cloud.network.Network)
PermissionDeniedException(com.cloud.exception.PermissionDeniedException)
ArrayList(java.util.ArrayList)
List(java.util.List)
Domain(com.cloud.domain.Domain)
Map(java.util.Map)
HashMap(java.util.HashMap)
Aggregations
VirtualMachineTemplate (com.cloud.template.VirtualMachineTemplate)37
ServerApiException (org.apache.cloudstack.api.ServerApiException)15
TemplateResponse (org.apache.cloudstack.api.response.TemplateResponse)13
ServerApiException (com.cloud.api.ServerApiException)8
Account (com.cloud.user.Account)8
TemplateResponse (com.cloud.api.response.TemplateResponse)7
InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)6
DataCenter (com.cloud.dc.DataCenter)5
ServiceOffering (com.cloud.offering.ServiceOffering)5
ListResponse (org.apache.cloudstack.api.response.ListResponse)5
ConcurrentOperationException (com.cloud.exception.ConcurrentOperationException)4
InsufficientCapacityException (com.cloud.exception.InsufficientCapacityException)4
ResourceAllocationException (com.cloud.exception.ResourceAllocationException)4
ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)4
StorageUnavailableException (com.cloud.exception.StorageUnavailableException)4
CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)4
URISyntaxException (java.net.URISyntaxException)4
ListResponse (com.cloud.api.response.ListResponse)3
PermissionDeniedException (com.cloud.exception.PermissionDeniedException)3
Network (com.cloud.network.Network)3
